 This is the Ask EFF panel, so check see if you're in the right place. We are the Electronic Frontier Foundation. We're very proud to have an opportunity to be here at DEF CON. We love coming here. We view this as, you know, our people. We don't have to actually explain what we do here at DEF CON. People actually already understand it, and that's just wonderful for us. This is the Ask EFF panel, so we're not going to talk very much. I've asked these of the lawyers who are with me tonight and Seshon, who's one of our technologists, to give maybe two minutes about a particular topic that we're working on so you can hear a little bit about, and then we want to open it up for questions. So I'm going to have each of the lawyers give a short presentation, and then we're going to show a little video that we did about your tools and why you should stand up to defend them. And while that's playing, if you have questions, why don't you go ahead and line up, and when the video is done, we'll just take questions for the rest of the time. A couple of rules. This is your chance to ask the EFF attorney's questions. However, if you've got a serious legal problem, don't do it in a public place. You do not have the attorney-client privilege if you ask us in front of 100 strangers about your legal problems. If you have a real legal problem, please come see us privately and we'll be happy to sit down and talk with you. We not only help people, but we do a lot of work finding lawyers for people. And we're happy to do that, but please do not reveal any of your secrets or anything you've done wrong. This is not confession time, so please do not do that. My name is Cindy Cohen. I'm the legal director of the Electronic Frontier Foundation. Thank you. I'd like to give a special welcome to all the members of law enforcement who may be with us in the audience here tonight. Thank you very much for coming. How many people here are Electronic Frontier Foundation members? Yay for you. Thank you very, very much. And the rest of you, why not? Hopefully by the end of this, we'll be able to do that. How many people have ever used our Action Center and sent a letter to your congressman or somebody? Thank you. Thank you very, very much. When we go to try to argue for something in Congress in front of an agency, we really stand on the shoulders of all the people who take action on EFF so that I can stand up and say, you know those 5,000 letters you got? The question you have to talk to about the issue that those constituents of yours raised. So you really raise us up so that we have a lot more leverage when you take action on these things. So thank you, thank you, thank you. So without further ado, I want to talk a little bit about one of the issues that I'm working on at EFF, and then we'll go through the lawyers and they'll each give a little spiel. I wanted to talk a little bit about electronic voting machines. As I think most people are aware of now, and if not, you should be the electronic voting machines that are now being introduced in jurisdictions across the country are far less secure than the slot machines out there in this casino. Most of them are built on Windows 2000 systems. I don't see why I love DEF CON. Say no more, right? This is not a secure system. It's not a way to make sure your vote is being counted at its cast. This is an issue that EFF picked up early on, and we've been working on now for several years. It doesn't show any sign of ending. We've had some great successes. We've got 26 states to pass laws requiring a voter verifiable paper trail for electronic voting systems. It's not the only solution, but it's the best one we have right now. It's a very good start. But we have a lot more to do because we've had all sorts of craziness, like people doing an electronic voting machine with a voter verified paper trail, and then they refused to actually count the paper saying it's a little too hard for them to do that. So we've got a lot more work to do to shore that up. But we've had some great victories so far. Last year, we basically scared the worst of them all. The voting company known as Deebold out of the state of North Carolina with some litigation that we brought there. And thank you. And we're continuing on. This is an issue that I think people don't like to think about in between elections, but EFF is there in the trenches and even when times are quiet working on that issue, and we're going to continue to do so. I know there's a panel I think Sunday morning on electronic voting with a guy named Mr. Hansen who is from the Accurate Project. It's a great topic and he knows a lot about it. So if you're interested in that, I suggest you catch that. So next I'd like to introduce Kevin Bankston and he's going to talk a little bit about some of what he's doing at EFF. Hi, I'm Kevin. I'm a staff attorney working on free speech and privacy issues. Most of my time right now is devoted to our lawsuit against AT&T. Thank you. In case you haven't heard, we allege that NSA has owned Zord AT&T's network and with AT&T's permission, in which case I'm not really sure they're owning it. A little semantic problem there. And also that AT&T is disclosing the entirety of its database of records about who you call and who you email and when and for how long, et cetera, et cetera, in violation of a laundry list of long-standing statutes and the Fourth Amendment of the Bill of Rights. This is going to be a long, hard case and we're finding it very long and hard. But the conventional wisdom was that when the government intervened in our case, arguing that it should be dismissed because our case would reveal state secrets, that we were going to get our asses kicked. But we kicked ass. We got a decision. Thanks. Two weeks ago, we got a great decision from Judge Von Walker in the Northern District of California saying our case was not going to be dismissed. It was going to go forward. Now that's going, of course, to appeal and that will probably end up before the Supreme Court before it's said and done. But like I said, we're going to fight it long and hard. The problem is now there's a bill working its way through Congress that could end the game. It would essentially give the president a blank check or at least a very, very large check when it comes to foreign intelligence surveillance and most relevant for us it would shuffle our legal challenge and all the other legal challenges involved in the NSA program into a secret court in DC which its only job for the past 30 years has been to secretly approve government applications for wiretaps. So basically, forum shopping of the worst kind, they want to put them all in the one court most likely to legitimate what the president's been doing. So if you walk out of here with one action item it needs to be this, go to our action center and call your senator and say you oppose the Specter Cheney bill and if you want to learn more about that bill and learn more about our case against AT&T we do have a panel specifically about that at noon on Sunday. In the interest of time, I'm not going to really talk about anything else right now other than to say one other fun issue we're working on is cell phone tracking. The government apparently has been routinely tricking judges into giving them orders to track cell phones location without a warrant, without probable cause based on legal arguments that the courts are now calling, thanks in part to our briefing, unsupported, misleading, contrived, a Hail Mary so convoluted as to be perverse and so convoluted as to be likened to a three well bank shot in pool. This just goes to show that when the government is the only person making the argument and closed proceedings, they push the line as far as they can. It's our job to push back and it seems we're doing a pretty good job of it. Thanks to you, thank you. Next up is Kurt Oppsall. Hello, I'm Kurt Oppsall, a staff attorney with EFF working on free speech and privacy issues. I'm also working on the AT&T case but what I wanted to talk to you about were a couple of cases that we worked on over the last year that you might find interesting. One is the Apple v. Doe's case and this is a case involving a subpoena to online journalists for their confidential sources. Apple sued some Doe's, unknown people, presumably employees who had leaked some information about an upcoming product. This was written up in some online magazines as is often the case before Macworld. These things leak out and get published but in this case they filed so they issued some subpoenas and attempted to argue that these journalists did not deserve the reporter's privilege it shouldn't be applied to them. We fought back, we took that through the California Court of Appeal and got a great decision that upholds and defends the rights of online journalists to protect the confidentiality of their sources. It fought back against a trial court decision that had made the privilege inexplicable where someone asserts trade secret rights and the decision was so good that Apple decided not to appeal it further and so we've now come to a final decision on that. The second issue that we worked on was the Sony root kit debacle. As you may recall late last year it became known that Sony had placed a root kit on some of its, as part of some of its DRM, Digital Rights Management Software, software designed to stop you from being able to easily copy their discs. And in addition that was one type of software we did a further investigation with the help of ISAC partners and their good work were able to find another security flaw in the Media Max software which was the second flavor of DRM that Sony was using where they had enabled a privilege escalation attack brought that also to the attention of Sony and were able to get them to get a patch out for it. We eventually were able to reach a settlement with Sony where they are not issuing this DRM anymore. They are reconsidering their entire DRM strategy. Those who bought the defective discs can get their music in an unencumbered format and we're pretty pleased with how that works out. We hope that sends a message to other companies that are considering using DRM in their software. Thank you. Next up is one of our intellectual property lawyers, Jason Schultz. So I'm Jason Schultz. I work on more of the intellectual property side of issues at EFF and for those who don't know that used to be something people didn't think was such an affront but it can be used to shut down a lot of people doing a lot of interesting, useful and socially beneficial things. One of the things I do is a project called the patent busting project so you can check that out more on our site but just recently there's been a lot more patents issuing on all kinds of things that shouldn't be issued on but also there's been a lot more threats. In fact just recently a company called Blackboard has started going after university content course management systems and resource based systems and so there's going to be a lot more of that going on where the so called patent trolls are actually going to go after all kinds of people not just the Microsofts of the world but small little projects as well. So we'll be watching that. A couple of things I wanted to mention. There's a case going on in Oklahoma where a single mom is fought back against the RAAA and got her case dismissed so we're going to be supporting her and she's going to ask for her attorney sees back and there are a lot of hopefully that will start a precedent so we can start to shift that balance a little bit. Also there are a lot of lawsuits going on right now against Google for some of its indexing and searching capabilities and things like that and we're definitely involved in that to the extent that we want to make sure that your ability to access and index information that you find on the web or elsewhere stays free and open and that copyright holders can't come and shut you down for that So we're going to flag one issue. It's not a real case that we're involved with right now. A few things have popped up but just for on the radar there's going to be a lot of intellectual property litigation I think in virtual worlds. Virtual gaming world, second life, things like that. So we're definitely keeping our radar on for that as well because I think there's going to be a few people getting to fights on there if you know what I mean. Thank you. Next up is our brand spanking newest attorney Marsha Hoffman has just joined us in the EFF office in Washington DC where she and another lawyer will be working out of and they're going to be focusing on trying to open up this government to get its secrets out and get as much of that information out to us, the members of the public so we can make informed choices about our government again. Marsha? Hi there. My name is Marsha Hoffman. As Cindy mentioned I am EFF's newest staff attorney. This is my fourth day on the job. It's a great place to be my fourth day on the job speaking at DEF CON. I'm happy to be here and I'm glad you all are excited about what we do. I want to tell you a little bit about the project we're going to be doing out of Washington. There's this law that some of you may be familiar with called the Freedom of Information Act or FOIA. This is a federal law that gives everyone the right to ask the government for information about what it does and we are going to use this law to submit a bunch of requests for information about the government's development of technology, the government's use of that technology to conduct surveillance on the public and the private sector's cooperation with the government to conduct that kind of surveillance or to otherwise infringe upon Americans' rights and we are going to make this information public. The documents that we get we're going to put on our website, we're going to make them available to decision makers and congress and other places and we're going to make them available to the press so that they can report on what we find and also develop investigative journalistic endeavors. So I hope that you all will keep an eye out for what we're doing and of course one of the big things that's important in our work is coming up with ideas for what to ask for and if any of you have ideas for things that EFF should make FOIA requests about by all means pull me aside while I'm here and while you're here send me an email. Thank you. Now what a great place to work your fourth day and we bring you to DEF CON and we put you on stage. Now come on Yeah, buy Marcia a drink she's a good egg. So the last person is Cess Show and then Seth has the great distinction of being the only non-lawyer on our panel. Thank you EFF has lots of lawyers but we also have quite a few techs and Seth is one of our favorites and he's going to talk to you a little bit about some of the more technical stuff that we're up to. Thanks. I wanted to show you a movie, a cartoon that some of our colleagues have put together. I'm a little worried about the volume level because earlier it was kind of blasting so let's give it a try and I apologize if your ears get blasted a little bit. This cartoon was developed for primarily non-technical audiences so if you as a technical audience are amused by that you can take it as a sort of ironic thing or feel cynical about it or something but it was designed certainly as you'll see for a non-technical audience. Okay, we're live to the future in five That's pretty loud. Unfortunately I can't No it'll do it. Okay, thanks Except I can't see what I'm doing because I don't have it on here. Okay there it is. There we go, okay. Okay, we're live to the future in five. In 2006 the entertainment industry asked the government to give them incredible new powers but here in the future those superpowers have become the corruptibles No one is safe. Take the innocent act of making a mix CD for your loved one made from those tunes you heard on your new digital radio. The law says that's legal but under the music industry's digital radio laws the corruptibles can stop any receiver that helps you record particular songs and many other legitimate uses. Looking forward to high definition of TV in the future? If you value your freedom to use Tivo and other gadgets you'll be disappointed. I know it's your favorite. Under the broadcast flag law the corruptibles can keep any digital TV recorder that isn't Hollywood approved out of your hands or rubber. Even computer savvy kids making amazing school projects have to be on the lookout. The movie industry's analog whole bill requires anti-copying spy chips to be included in computers by law. Digitizing even a short sample of the corruptibles and eliminated. In the future new superpowers everywhere fighting innocent consumers breaking new gadgets is there anyone out there who can fight back over to you in the present. Remember the corruptibles are not real but the powers they're using could be. Don't let the entertainment industry try this at home. Find out more about the proposed laws and call your representative now. So I go to a lot of meetings where I actually fight against some of these people and it might be kind of cool if they had the superpowers although I might not escape with my life but as it is actually the corruptibles are sort of stand-ins for people who wear suits and our lawyers get paid to go to meetings in industry groups around the world and it's a little less exciting than the heat vision but they have their own lawyer superpowers and our lawyers have our own lawyer superpowers too so it's pretty great. So as the movie suggests you might have thought that things were bad enough with the DMCA and that the DMCA provided a depressing enough rule and a depressing enough regime for technology regulation but it turns out that the movie industry and the recording industry are not satisfied and they have not been willing to stop there and they're still every day engaging in legislative advocacy trying to get even more powers and more restrictions that go beyond the DMCA and there are these three specific areas in which this legislation is a very real threat to existing devices that you can buy now and use now and we're fighting these and we really need help in this advocacy. We really need people to contact legislators and to say I thought the entertainment industry has already had plenty of power and now they want to ban our ability to record analog video our ability to well the digital radio one is complicated because they don't like the idea that you can pick out a particular song they say you should be able to record but as long as you don't know what's on the radio and as long as you can't pick out particular songs by name or by artist so the devices need to be built specifically so that they don't tell you that in the user interface as a way of setting a recording preference and then for digital television we've been fighting the digital television broadcast flag for four years almost five years now ever since it was first proposed as many of you may be aware together with the American Library Association and Public Knowledge we beat the FCC in court and got the court to throw out the broadcast flag rule and that happened over a year ago now but the movie industry is right back in Congress asking for Congress to write a new law that will give the FCC power to do this and among legislators that law is not considered terribly controversial because industry large parts of industry have accepted it as inevitable so we really need to help from the public to say not only is this not inevitable it's a ridiculous idea so we have our action center action.eff.org which several people have mentioned here provides information about some of the bills that we're currently concerned about or interested in and means of contacting legislators you can also find out you can ask us you can come to our booth, you can read on our website about devices that are currently threatened by legislation you can go out and buy them while you can still get them even simple things like a video card that can record from an analog input is something that people have tried to ban in its present form the sling box and a nice device called the NeurOS that lets you lawfully get things like DVD onto a video iPod or a portable player all of these things are under threat also for those of you who are electrical engineers you can build some of these things help make them more available to people while that's still lawful we look forward to talking to all of you about what we can do about this to try to stop the entertainment industries from getting even further additional powers over technology thanks a lot okay so this is the ask part of the ask EFF panel so if you've got questions please line up in front of the microphone so the audience can hear your questions as well as our answers that makes things work better and we'd be happy to take as many as we can while the time arrives by the way we do have a booth over in the swag area over there and you're welcome to come visit it there's also a dunk tank outside it's a little hidden you have to go back through the game room and there's a little outside courtyard going throughout the weekend and all the proceeds for the dunk tank go to the electronic frontier foundation so it's a way to not only get your friends wet but do a little something good on the side as well yes hi I think this one's for Jason in particular I'm sorry did I get your name right okay a lot of higher education institutions these products like U-Portal or Sakai or open source portal type systems what do you think blackboard is actually going to do are they going to go after those companies directly or do they have tactics to get universities to switch to other products such as blackboard yeah so that was the lawsuit actually I mentioned so thanks for ringing up it's a long clear exactly what they're going for now I think a lot of it's just intimidation I mean Sakai and some of these other projects I think are pushing them in the marketplace to have to innovate and have to kind of keep up maybe lower the prices and I think this is their sort of shot across the bow but they are suing people so we'll see and tell and actually it's sort of interesting people have already created a Wikipedia page to post prior art on the patent on the course management system patent so we'll see how that goes but I think it can almost have a backlash effect I think it's just kind of a gut reaction you get a lot of these companies who once they acquire intellectual property I feel they have to assert intellectual property it's like a gut reaction without even thinking it through so it's hard to know but blackboards actually sued lots of people for lots of crazy reasons they've sued a bunch of kids who first engineered something they did before and Georgia and they're not really a good player in that sense so I don't ascribe any good motivations to them all I think they're just trying to intimidate people and keep their market share next this question is kind of specific but it's got some general principles that would apply my company does open source hosting specifically multimedia audio and video so we get a lot of patents and yes some of our stuff is broken DRM so we've gotten DMCA takedowns and the like for people who host open source software especially things that are likely to infringe are there any steps that can be taken above and beyond the DMCA safe harbor provisions to try to limit how likely you are to have to take stuff down and get sued and the like on the patent front the real problem with patent law right now in the sense that there really is no safe harbor form bill that's sort of working its way through congress it's not fully formed yet so hopefully that will have some help the best thing you can do is to really be in touch with the creators of the code if you're the people who manage the open source project then you should talk to me and if you're not talk to the people who distribute the binaries that you run or whatever and they should talk to me or other people because we're starting to do more work with them and helping them sort of figure out how to collect prior art and be prepared and also there's a place called the public patent foundation that's also doing some of this as well but it's kind of early on there's really no magic shield that you can have it's a really rough area the best thing you can do is prepare as much as possible so when you get that nasty letter we can write one back that's kind of your best bet right now well if it's your software you said some of it's your software then we can talk later and we can figure out and there are some pro bono patent lawyers who do wrangle to give advice and write letters and sort of help support efforts like yours so we can also maybe hook you up with one of them who can actually be kind of your lawyer if we can't do everything Hi, I was wondering is the EFF planning on doing anything to force corporations and government here in the United States to be more responsible as well as accountable for our personal financial data when it's overseas especially in the hands of third party corporations overseas well, I don't I think the short answer is not in the short term I would love to and if you guys want to raise enough money for me to hire a couple more lawyers to work on that I would like to take that issue on because I think it's really important I think that at the moment we're kind of maxed out on projects of that size I apologize I'd love to EFF is 25 people in a little office and now we have two more in DC but in a little tiny office in the mission district in San Francisco 10 times that size so this is my challenge to DEF CON raise enough money to us so that we can be 250 people instead of 25 and then we can take on a wider range of issues I think the financial issues are important but I don't think we can take them on right now because I don't think I have the resources to do it well sorry I wish this is the hardest part of my job you know the number of people who call EFF or email EFF with serious important issues that they'd like us to take on that I can't take on that's the hardest part of my job every single day is making the calculation about whether we have the resources to do something and do it well because when we take something on we take it on and we stick with it so I'm not going to just say yes to everybody we actually do a careful analysis before we do what we do because we're in this to win we're not in this just to raise the flag and then go on to the next whiskey bar Hi there's two parts and you can opt out of the whole thing by saying wow this is out of our scope if you'd like to this spring there was a really red hot Freedom of Information Act request George Washington University it was from the Pentagon let me see Joint Chiefs the Information Operations Roadmap where the internet was referred to regularly as an enemy combatant and outlined ostensibly the Pentagon making internet equivalents of nuclear weapons and that kind of thing to shut everybody down and do all kinds of other things as well as stepping really far into military psyops indirectly aimed at the American public A, are you guys involved in taking any action to monitor or get involved with this kind of event I mean you guys are talking a lot about media things which set all kinds of legal precedents which are stepping stones into much darker territory this is dark and second if you guys do have somebody involved in this who are they and what can we do to help fourth day on the job let's do it well the best that I can say to that is I think it sounds like a very very interesting subject for FOIA stuff and I wanted to talk to you about it further so you know maybe this isn't the time to do it right now but I mean why don't we talk a little bit shots yeah that's the way to go find me so at Bruce Potter's black hat and DEF CON talks he mentioned how the EFF and ACLU will sue companies that do evil things with trusted computing I think his example was if a company required a remote attestation that you weren't running Missile Firefox on your machine before it would give you say security updates or something like that he reassured us that you guys would take care of that sort of and he didn't really tell us what the legal theory would be that you would use in that kind of challenge and I wonder if you could tell us what the legal theory would be and if maybe that means that you guys are so excited now about remote attestation that you think that maybe owner override isn't necessary because you've got this legal theory that I love to hear about well I would I would refer to the lawyers over the question of legal theory my suspicion is that it would be difficult to sue companies that abuse trusted computing because we've seen a lot of companies that have done things that are not necessarily in their customers' interests and there hasn't necessarily always been a legal remedy for that so my impression hearing that earlier was that it's a very optimistic view of the law to think that EFF will always have a legal remedy against every company that does something against the interests of customers whether that's through trusted computing or any other technological area but yes so Seth answered the legal part so I think that's right one of the areas of law that we've been concerned about lately is EULA law and user license agreements and the ways that companies are using click throughs and other contractual arrangements to try to limit what you can do with their tools and to limit your remedies if they've restricted you through the tools and I think that a situation in which Microsoft which they know how to do contracts trust me on this was to sell you a product that does require remote attestation before you can do things with it and you clicked through or signed or got a licensing agreement as part of that product that said that was what you agreed to we'd have an uphill battle to get you out of that contract now I'm not saying we wouldn't win and I'm not saying we wouldn't take it on but I think that it's not appropriate for the proponents of trusted computing to say pay no attention to the excesses and the problems that this product might cause because EFF will come to the rescue and everything will automatically be alright you know we're good we're damn good at what we do but you guys have a responsibility as well not to create situations in which we have to come in and try to help people out and I think that it's not responsible computing to just assume that whatever problems your technology creates are going to get sorted out by the do-gooders over there in the Mission District in San Francisco I think you have an affirmative obligation to protect and to work towards to do ethical computing quite apart from the fact that we're here to try to do the excesses and frankly I find it a bit you know troubling we've got enough on our plate with the federal government AT&T Sony BMG the patent trolls why do we have to take on the technology companies too why can't they be on our side not our side your side so I think that you know I think the short answer is certainly nothing that Bruce said led us to think that we don't like owner override anymore which was a cess insight into one of the ways to deal with the problems with trusted computing he certainly said nothing today that changes my mind about that and in fact I just again I think that we need to hold the people who are proponents of these technologies to a higher standard than to just throw off the possibility of problems and say well there's an EFF so everything will ultimately be okay even if I take no responsibility for making sure that people have tools that actually work for them as opposed to working against them all right I like to know what the current legalities of encryption are in the US and a bit of a stretch how that might differ with say canna I'm from Toronto oh boy encryption a topic near and dear to my heart for over 15 years so well the short answer is it's a long answer but depending on the if you're doing open source crypto where you've got an open source license agreement and you're giving it away in the United States you have an extremely trivial export analysis so using encryption inside the United States and developing encryption inside the United States is completely legal and always has been the problem has always come in the export of encryption and the government has interpreted export very broadly including things like posting it to the internet so that's why you know a lot more things qualify as export than you might otherwise think so if you've got open source things and stuff that you're giving away you're not selling crypto you have a very easy process where you basically send an email to the Bureau of Export Administration saying I'm exporting this crypto talk to you later and you can do it if you're selling crypto it gets much more complicated and there are lots of different levels and the licensing gets more onerous depending on how you're doing it it's still much much better than it was when I first picked up this issue in 1994 we've done we've made great great strides but you need counsel if you're going to sell and now similarly if you're in Toronto and you want to publish stuff from there come see me and we'll talk about it because I don't want to bore these people with the complications of the import of crypto back across the borders kind of issue I think Richard Stallman would be grateful if I pointed out that under those rules if you sell open source crypto then that counts as open source and you are allowed to do that without getting the more elaborate permission free software I was wondering what the current state of getting arrested with a piece of personal technology like a smart phone or a thumb drive or a hard drive is the last precedent that I had heard is that they had been grouped into the class of like a pager due to early drug convictions where they got into the pager and had full access when the person was arrested is that true of kind of higher level devices that a lot of us carry around that have e-mail and gigs of information now this is a pretty fairly still a pretty developing area of 4th Amendment law but generally when you are arrested they can search you and all of your effects as an incident to arrest and so far we haven't had a very good luck in getting courts or the government to recognize that it's a very distinct very different thing to be able to say search your bag which can hold a few things or search which can hold thousands upon thousands of personal files and soon you know we're going to be carrying hundreds of gigs on our persons actually I'm sure there are some in here now carrying hundreds of gigs on their persons half a terabyte with me yeah exactly we think that should be treated differently and that if they were to see things like that there should be a judge overseeing any search of that and that there should be probable cause for them to search any particular segment of your drive or right now it is a very developing area of the law and there's no hard rules small follow up question actually with the encryption theme if something is encrypted on one of those pieces of technology can you be compelled that is also a really interesting question that we'd probably love to litigate there are arguments that could be made that you could not be compelled but none of them have been tested yet but certainly if anyone here has something of their seized and the government is trying to compel their key give us a call for the record I lost all my DSA keys today so that's a topic that we've been waiting for a right case a right case to handle again for probably close to 10 years I've been watching and trying to find the right case for it one of the things that happens often in criminal cases it makes it tough to turn them into test cases is that the people often have other problems that they're dealing with other than the encrypted stuff and they settle or they plea bargain out and the issue that is interesting to us doesn't get become the center of the case so it's not that it doesn't happen it's that often the situation is so complicated that the issue that we really want to pull out doesn't become the focus of the case so it's that's that's why we haven't found the right case yet not not for one of watching I have another patent question I'm trying very hard to convince my employer who's a gigantic company to use GPL software wherever we can and one of the concerns is you know according to one of the talks that Richard gave he made a very good point he said it's impossible to write a program of non-trivial size and not violate some patent somewhere which implies that pretty much every piece of software is open for challenge and so the company is concerned that if we do adopt GPL software internally and become dependent upon it that it'll get be subject to troll or whatever and be a huge disturbance internally and I'm wondering if there's a way around that or some kind of assurance I can give them that that's not going to be a problem yeah I think I might actually approach that the other way around which is any proprietary software you buy is going to have the same problem and I've yet to see any proprietary software vendor say they won't demnify their customers from patent infringement unless it's a private contract I mean if you've contracted someone to develop software for you they might but Microsoft, Adobe, Apple they won't they won't protect you either so I would say your best argument for using GPL software or open store free whatever is to say that the risk is the same and if anything what will happen if you get sued the community will probably rally around you if you buy from a proprietary vendor they're going to be like sorry good luck with that whereas I've seen in some of these other cases where users of open source software get sued that there's a real ability for people to come out of the woodwork and support them, help find prior art service experts things like that so you might actually engender some good will in that sense I mean I think one example real quick not in the patent context but more in the copyright is when SCO started going after Linux and IBM stepped in to defend a lot of people actually got a different viewpoint of IBM as a company now it's a little different because IBM was a distributor themselves of the binaries and things but I think you could position a company so that you actually got a lot of support and good will from using open source so that if you were sued you would have some resources thank you if you could apply the money you saved or the EFS patent-busting project my question is what is EFF doing on net neutrality well okay I'll talk about this a little here's the thing EFF doesn't have we own a truck it's not a truck okay I want to be clear about this so EFF doesn't have a formal position on net neutrality and I think that it's probably fair to start with our board of directors to explain why we have David Farber on our board of director and we have Laurence Lessig on our board of directors two people whose opinion we respect tremendously who disagree very sharply on this issue I'll tell you are uncomfortable in general we're fans of net neutrality I mean all packets are packets and they need to be treated equally as they go across the internet fundamentally important principle the thing that is worrisome to us about the way the net neutrality debate is being is playing in congress is that people want to give the ability to control and regulate the internet to the federal communications commission that's the solution that the pro-network neutrality people are doing you can't tell that unless you look pretty deeply into what they're saying you won't see it in the funny little flashes or the op-ed pieces that are being placed all over the place but you know we care about actually how things get implemented at EFF not just the soundbites what they're trying to implement is to give jurisdiction to the federal communications commission to regulate the internet to regulate the packets on the internet and hope that the federal communications commission which has not stood up for consumers in the six years I've been at EFF and we've been fighting the broadcast flag we had to sue them remember earlier because they were doing Hollywood's bidding and we won and now they're going to congress to get this authority why do you want to give those monsters the ability to decide about whether packets are being fairly passed across the internet this is the problem that we have this is the struggle that we're having everybody at EFF is strongly in favor of network neutrality but the devil's in the details about how you go about fixing it and the current proposals in congress right now make us extremely nervous we've tried to lobby the FCC we've tried to make sure that your voices that consumers voices ordinary people's voices are heard at that agency and frankly we haven't been successful the people who are successful there are the people who have the money and who are the players and the biggest players at the FCC right now is the duopoly it's Verizon it's the big telcos so this is where we have an easiness about the way the network neutrality debate is being framed right now and that's why you don't see EFF having a front position this is the source of our comfort with the way the debate is playing out now we're watching it closely believe me we're part of this as I said we've got two of the leading voices on each side of it on our board there is an ongoing discussion at EFF in this but that's why you haven't seen us out front on network neutrality and if we come up with a silver bullet solution you'll see us but we're still trying to figure out how to do it but I don't think giving the FCC the authority to regulate the internet is the answer to this problem I don't want to say any other a follow-up comment one more example of why you probably don't want to trust the FCC to regulate the internet they've also bent over for the FBI and DOJ and applying Kalea the communications assistance for law enforcement act to the internet to make all the networks tappable these are not the people you want to hand this power to just a follow-up comment as someone who has contributed to you guys for a long time I'm basically looking to you for guidance for the industry so I'm not necessarily looking for you to come down on one side or the other but I'm a regular reader of EFF I really want to see your position and elevate the conversation so that it didn't come up until now I would like to see you the first thing when you come up to the table to say I need to be talking about net neutrality so that we all understand what the issues are we have a paper that's in the works right now and again I can't give you a deadline on when we're going to come out on it because this is an important issue it's a critical issue and EFF we view ourselves as we don't want to be irresponsible about what we say about this and so I hear you and we are working on it and I think you can we'll work on trying to get something out front about our uneasiness and where we see the issues Hi, I have a question about government databases that track a lot of our personal information, the stuff that's both in the commercial sector and the banking and stuff like that that they then will, a lot of times the government can't directly access the information so they'll contact third parties to gather and collect it for them I actually have two parts, one is what's the current legality of them being able to gather a lot of this information into databases like we've heard about like TIA and stuff like that and then also is there anything that we can do like from a disclosure standpoint so the stuff that they tend to try to keep out of the public media that we can try and bring that into the public forum okay as to your first, the first part of your question there is something called the Privacy Act which requires the government to publish details when they build databases on US citizens and to apply fair information practices such that you can find out what records they have on you, you can get them changed if they're incorrect etc etc, the problem is there are very broad carve-outs in that law for law enforcement and national security related databases so in a lot of ways it's kind of the wild west the latest twist on this is that instead of developing their own databases FBI DOJ certainly NSA they are now all clients of the data brokers, your choice points your axioms etc etc these are the companies that collect every possible record on you that they can their audience has typically been marketers now their biggest client is the government particularly post 9-11 this is a hard issue it is primarily a policy issue which is why I'm glad you bring up how do we bring this into the public eye I wish I had an answer to that the fact is it's been revealed that the NSA has compromised all the major internet and phone switches in the country and no one gives a damn except for people like you how do you make people care I don't know Cindy I got a good answer for that I wish I had one well I mean we try right I mean we make funny little videos and we come to speak and we we sue people and we try as much as we can with a pretty tiny voice I mean unfortunately what it takes to get the public's attention is a hell of a lot more money than my budget you buy the TV ads you buy the New York Times ads or wherever and try to permeate the public I wish that I had the budget for one Celine Dion CD the promotional budget for one Celine Dion CD we could make a much bigger splash than we can make we're nimble, we're quick we're in with the small resources that we have but I think the word of mouth is the best way viral viral marketing of these ideas you got to talk to your family, you got to talk to your friends the best way to get people on this bandwagon is if a good trusted friend of theirs explains it to them and tells them why it's important and that's priceless I think this is the last question so I just wanted to personally thank all of you for fighting the good fight in a legal way and it's really performing a great service for us all but basically I just want as you're progressing with what you do and making FOIA requests and just all that stuff on a legal level and all the difficulties that you encounter with the culture of secrecy and the government and that sort of thing you're sort of on a feeling level and I'm directing this to each one of you individually could you briefly summarize kind of like what's the strongest feeling that comes forth if you think back on what you've done so far and maybe also for the future are you optimistic, mostly frustrated and also in a world that the public kind of doesn't get these issues like we do I'll start sometimes I'm frustrated admittedly the trends are all in the wrong direction these days everywhere you look there's some new encroachment some new privacy invasion some new way of stifling speech online that's frustrating but it's also inspiring it's why we're here and it just and so every time we turn around and see that new awful thing it just rededicates us what we're doing and realize that we made the right choice in being a part of EFF thank you for your kind words and I think one of the things that helps us keep going is the support of people like yourself like those in the audience and we're trying to fight the fight the good fight and there's a lot of troubling things out there but you know we want to not give anything up without a fight and try and make a future that we would want to live in I think we're pretty much out of time so thank you thank you all I'll tell you one of the best things that we do every year we come to DEF CON we go back to EFF and we're so rededicated to working for you guys so thank you